The techniques known as “bandwidth policing” limit the traffic of data which is attributable to individual users or groups of users, for example according to the conditions of a contractual Subscriber Level Agreement (SLA). Bandwidth policing prevents users from using resources for which they have not paid, and, in the case of multiple users who share a particular resource, ensures that one user does not obtain an unfair share of that resource. A bandwidth policing engine is present for example in Access Aggregators and Ethernet switching equipment user for Customer Access in the last mile.
An example of bandwidth policing is in the context of the MDU (multiple dwelling units) or MTU (multiple tenant units), where a plurality of users in a building communicate with a communication network such as the Internet using a shared switching system (router).
One known algorithm for performing bandwidth policing is based on “token buckets”. Let us assume that a packet flow to be policed consists of a certain user transmitting packets. In this case, a “token bucket” is assigned to that flow. The user is notionally allocated “tokens” at a uniform rate (called a “replenish rate”). Whenever the user sends a packet he or she uses up as many tokens as the length of the packet. Whenever the user attempts to send a packet which is greater than the remaining number of tokens, action is taken, generally of one of the following types:                The packet is simply deleted (in the case of a transmission protocol such as TCP the transmission of packets can recover from packets being lost).        “Flow control”. A “back pressure” is applied to the user, for example a signal transmitted to the source of the packets indicating that no further packets should be sent for a certain time, or indefinitely until a signal is transmitted to permit transmission to recommence.        The quality of service is reduced, for example by lowering the priority level of packets transmitted by the user.        
Using this technique, the maximum average rate at which the user can transmit packets is limited to the replenish rate. In the event that the user does not use his or her tokens, they accumulate in the bucket up to a certain maximum: a “burst size”. A user with a full bucket can send a single burst of packets having a total size up to the burst size irrespective of the replenish rate r.
A known variation of the above technique is to take a first action when the number of tokens in the bucket falls below a first level, and a second and more severe action when the number of tokens falls below a second level. The first level defines the “bucket size” such that a packet can always be sent from the full bucket without action being taken, while the second level defines an “extended bucket size”, which can determine the time averaged maximum rate of sending packets.
Conventionally the above bandwidth policing algorithm is implemented using software in the router. However, this results in a computing overhead and slows down the operation of the router.